Global Moderator
Being HACKED -- Need to disable Uploads ASAP
I've done what I can to stop them, but I want to turn on safemode and other things to stop any chance of them using my forum against me.
Please let me know waht to do.
Sorry 'bout the short post... between classes...
stupid hackers...
more info later.
thanks.
Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
Junior Coders
Yeah, more info would be helpful, although I feel sorry for you - script kiddies are scum.
Modtoreador
See my PM.
Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
Global Moderator
Yeah, thanks, Twey.
Is there a way to disable uploads through PHP?
Basically... they hacked into the admin control panel and were using that to upload php pages. I'd like to disable uploads til I can work things out.
At this point, I found his IP address and have contacted the company (ISP). We'll see what happens.
Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
Modtoreador
Set file_uploads to Off in php.ini.
Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
Junior Coders
Or you could use htaccess to deny post method from forms...like this:
Code:<Limit POST> order allow,deny deny from all </Limit>
Modtoreador
Except that that would prevent any POST requests, which is not what djr33 wishes to accomplish.
Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
Junior Coders
But it would stop the hackers, and it's quite interesting, because I didn't know you could stop the POST method in a .htaccess.
Modtoreador
You can. Also GET, PUT and TRACE. The latter two shouldn't be enabled by default, although TRACE often is. There are a couple of minor XSS vulnerabilities that can be caused with it in some situations.
Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
Global Moderator
Thanks, guys. Will look into it.
This guy's annoying... deleted some threads now... seems to like threatening. He didn't delete them all, like he wants me to let him hack the server or he will.... weird.
I've got backups anyway. We'll see.
Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
Posting Permissions
Reply With Quote
Bookmarks